CODESONAR 关于 stl::map 迭代器使用的缓冲区溢出注释

Question

....
wstring wstrFirst;
INFO_t* pstInfo = NULL;
INFO_MAP::const_iterator itrReqInfoEnd = RequestedInfoMap_i.end();
for( INFO_MAP::const_iterator itrReqInfo = RequestedInfoMap_i.begin();
     itrReqInfo != itrReqInfoEnd; 
     ++itrReqInfo )
{
    wstrFirst = itrReqInfo->first;
    pstInfo = itrReqInfo->second;
    ...

Please see above code snippet. I am running CODESONAR (static analysis tool) on this. My problem is that, at the last line ( pstInfo = itrReqInfo->second; ), CODESONAR shows following error:

This code reads past the end of the buffer pointed to by itrReqInfo->.

. itrReqInfo-> evaluates to &wstrFirst._Bx.

. The first byte read is at offset 48 from the beginning of the buffer pointed to by itrReqInfo->, whose capacity is 48 bytes.

. The offset exceeds the capacity.

. The overrun occurs in stack memory. The issue can occur if the highlighted code executes.

(here the highlighted code means pstInfo = itrReqInfo->second; )

Is it false-positive? If not, how can I fix that?

Answer 1

Since itrReqInfo is a const_iterator and the for is only walking it through the map from beginning to end, don't see how anything can be reading past a buffer limit. But would need to see a more complete example of this error to know for sure.

Answer 2

I had a similar issue reported in codesonar and I fix it using 'const reference'.

In your case I would try something like this...

wstring wstrFirst;
INFO_MAP::const_iterator itrReqInfoEnd = RequestedInfoMap_i.end();
for( INFO_MAP::const_iterator itrReqInfo = RequestedInfoMap_i.begin();
     itrReqInfo != itrReqInfoEnd; 
     ++itrReqInfo )
{
    wstrFirst = itrReqInfo->first;
    const INFO_t& pstInfo = itrReqInfo->second;